Kicking the Tires of XP Service Pack, Part 2

With the release of Windows XP Service Pack 2 (SP2) midyear, Microsoft will finally get around to fixing a variety of security flaws that have bedeviled Windows users for years -- most notably viruses and worms spread via web browsing, email, and instant messaging. And so, as we'll see in this second article of a two-part series, a solid hunk of the improvements and fixes in SP2 are aimed at clamping shut the opportunities email and messaging leave open so invitingly.

Other morsels of SP2, distributed in a beta version to developers, clamp down on pop-ups and make updating Windows easier. (For details about how SP2 updates the Internet Connection Firewall, see the first article in the series.)

Safer Web Browsing

The service pack modifies Internet Explorer to block unintentional downloads and installations. Previously, downloading one file -- or simply visiting a booby-trapped site -- could trigger an unseen download and installation of an innocent addition to a toolbar, slip in stealthy spyware to report on your surfing habits, or, in the worst case, plant a piece of malware. With SP2, an attempt by a web site to download a file to your PC will result in a download link appearing beneath the Explorer toolbar. You can then accept it or not.

SP2 also makes it easier to identify Active X controls plus toolbar and browser extensions, using the new Add-on Manager that lets you view and control add-ons, even those that try to hide. IE's Manage Add-ons dialog box, buried inconspicuously among other tabbed sheets in the Control Panel's Internet Options applet (shown in Figure 1), lets you view a list of add-ons along with enough extra information so that you can decide if the add-on should continue to live. In addition to letting you view and control the list of add-ons that can be loaded by Internet Explorer with more detailed control than before, it also shows the presence of some add-ons that previously could be very difficult to detect.

Figure 1. SP2's new Add-on Manager lets you easily see all Internet Explorer add-ons on your system, and disable those you think may cause problems. (You can click on the screenshot to open a full-size view.)

Another new addition, Internet Explorer Add-on Crash Detection, attempts to detect crashes in Internet Explorer related to an add-on. When the add-on is successfully identified, you have the option to disable it.

Put Down Pop-Ups

With pop-up ads easily beating out Jim Carrey for world's worst annoyance, a pop-up blocker should have been a part of Internet Explorer since the release of Win XP. Microsoft remedies that with SP2. It offers the Pop-up Blocker (shown in Figure 2), which you can find under the Tools menu. You can also get to the Pop-up Blocker via the Privacy tab of the Internet Options dialog box, also on the Tools menu (shown in Figure 3).

Figure 3. SP2 goes out of its way to let you know about the Pop-up Blocker. You can also access it from the Privacy tab of the Internet Options dialog box.

In contrast to other SP2 improvements that by default turn on helpful features, the default for the Pop-up Blocker is off, as if most computer users would prefer to have ads for "natural" Viagra pop up over their spreadsheets. With the blocker turned on, Explorer refuses to display a pop-up or pop-under window unless the user has clicked on its link. (One setting turns off the display of the ads even if the user deliberately clicks a link.)

When XP blocks a pop-up, it announces the blockage with some .WAV file fanfare and a notice that appears in the Status Bar. If you're curious about what lurks waiting to pop onto the screen, you can click on the notice. This produces a menu with the choices to show the blocked pop-up, allow all pop-ups from that site, or display the pop-up blocker configuration dialog box (shown in Figure 4).

Figure 4. The Pop-up Blocker lets you block pop-ups on a site-by-site basis and overall control how pop-ups should be handled.

Safer Email and Instant Messaging

Email has become the medium of choice for malicious hackers to distribute their viruses and malevolent pranks. Like a cyber version of Six Degrees of Kevin Bacon, email ultimately connects everyone to everyone else. SP2 vaccinates Outlook Express and Windows Messenger instant messaging with anti-virus medicine.

Although the security enhancements for email and instant messaging don't appear in the beta release, Microsoft documents indicate that, in a later release, if you try to open a program delivered as attachment to email or an instant message, Windows will clamp down on what the program is allowed to do.

In addition, it will no longer be the default for Outlook Express to download external content such as graphics in HTML mail.

And for Dessert....

The service pack includes other features that amount to a smorgasbord of desserts after you have installed the main courses for great security and stability. They include:

Automatic Update: Microsoft seems to have finally learned that users are not going to jump at the chance to download each week's passel of patches to cure the latest security risks. So SP2 makes it easier to enable automatic update. The update feature itself has been overhauled to allow restartable downloads and use delta compression to reduce the length of time it takes to download files on dial-up connections.

Windows Media Player 9 Series: Although it seems that a program such as Media Player 9 shouldn't have any security problems, some lurk within. So Microsoft threw in a new set of security settings for users to diddle with as they listen to bootleg Five for Fighting MP3s.

Bluetooth Update: Not a fix, but a feature. Windows XP SP2 updates support for Bluetooth so users can replace their cordless RF keyboards and mice with cordless Bluetooth keyboards and mice as well as more easily connect wirelessly with PDAs and cell phones.

Better Wi-Fi: A new wireless LAN client expands the range of the wireless hot spots a PC can join so someone with a Wi-Fi-equipped PC can move seamlessly from one hot spot to another.